<?php
/**
* Detect SQL-Injection
* Thanks to : DestructiO (destructioo@gmail.com)
*/

function clean_variable($variable) {
	$new_variable = preg_replace('/[^a-zA-Z0-9\_\-]/', '', $variable);
	return $new_variable;
}

function set_sec_see($variable=NULL) {
	$newvariable = clean_variable($variable);
	if(@preg_match('/[^a-zA-Z0-9\_\-\.]/', $variable)){}
	return newvariable;
}

function sql_check($check_array) {
	$badstrings = array(";", "'", "*", "/", " \ ",
	"DROP", "SELECT", "UPDATE", "DELETE", "WHERE",
	"drop", "select", "update", "delete", "where",
	"-1", "-2", "-3","-4", "-5", "-6", "-7", "-8", "-9",);
	
	foreach($check_array as $value)
	{
		$value = clean_variable($value);
		if(in_array($value, $badstrings))
			die("SQL Injection detected!<br />IP:".$_SERVER['REMOTE_ADDR']);
		else
		{
			$check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE);
			foreach($check as $char)
				if(in_array($char, $badstrings))
					die("SQL Injection detected!<br />IP:".$_SERVER['REMOTE_ADDR']);
		}
	}
}
?>
